Lucene search
K

125 matches found

OSV
OSV
added 2019/09/25 8:15 p.m.4 views

CVE-2019-16889

Ubiquiti EdgeMAX devices before 2.0.3 allow remote attackers to cause a denial of service disk consumption because .cache files in /var/run/beaker/containerfile/ are created when providing a valid length payload of 249 characters or fewer to the beaker.session.id cookie in a GET header. The...

7.5CVSS7.2AI score0.0509EPSS
Exploits1References3
CNVD
CNVD
added 2019/09/17 12:0 a.m.5 views

CloudBees Jenkins Beaker Builder Information Disclosure Vulnerability

CloudBees Jenkins Hudson Labs is the United States CloudBees company's set of Java-based development of continuous integration tools . The product is mainly used to monitor the continuous software version release/testing projects and some timed tasks . Dependency Graph Viewer Plugin is used in...

5.5CVSS6.3AI score0.00291EPSS
Exploits0References1
NVD
NVD
added 2019/09/12 2:15 p.m.32 views

CVE-2019-10398

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.5CVSS5.4AI score0.00291EPSS
Exploits0References2
OSV
OSV
added 2019/09/12 2:15 p.m.3 views

CVE-2019-10398

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.5CVSS5.8AI score0.00291EPSS
Exploits0References2
Prion
Prion
added 2019/09/12 2:15 p.m.24 views

Design/Logic Flaw

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

2.1CVSS5.3AI score0.00291EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2019/09/12 1:55 p.m.83 views

CVE-2019-10398

The CVE-2019-10398 entry concerns Jenkins Beaker Builder Plugin (versions ≤ 1.9). The vulnerability arises from credentials being stored unencrypted in the plugin’s global configuration file on the Jenkins master, enabling users with file-system access to view them. Impact is credential disclosur...

5.5CVSS5.3AI score0.00291EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2019/09/12 1:55 p.m.29 views

CVE-2019-10398

Jenkins Beaker Builder Plugin 1.9 and earlier stored credentials unencrypted in its global configuration file on the Jenkins master where they could be viewed by users with access to the master file system...

5.4AI score0.00291EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2019/09/12 12:0 a.m.6 views

PT-2019-11792 · Jenkins · Jenkins Beaker Builder Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Beaker Builder Plugin versions 1.9 and earlier Description: The issue concerns the storage of credentials in the Jenkins Beaker Builder Plugin. Specifically, the plugin stored credentials unencrypted in its global configuration file o...

5.5CVSS5.3AI score0.00291EPSS
Exploits0References5
Prion
Prion
added 2017/09/06 9:29 p.m.13 views

Cross site scripting

Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...

3.5CVSS5.6AI score0.00929EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2017/09/06 9:29 p.m.16 views

Design/Logic Flaw

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively...

4CVSS6.8AI score0.01095EPSS
Exploits1References4Affected Software1
Prion
Prion
added 2017/09/06 9:29 p.m.12 views

Xxe

XML external entity XXE vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system...

4CVSS6.3AI score0.01284EPSS
Exploits0References5Affected Software1
NVD
NVD
added 2017/09/06 9:29 p.m.12 views

CVE-2015-3163

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively...

4.3CVSS4.5AI score0.01095EPSS
Exploits1References4
NVD
NVD
added 2017/09/06 9:29 p.m.16 views

CVE-2015-3160

XML external entity XXE vulnerability in bkr/server/jobs.py in Beaker before 20.1 allows remote authenticated users to obtain sensitive information via submitting job XML to the server containing entity references which reference files from the Beaker server's file system...

4.3CVSS4.2AI score0.01284EPSS
Exploits0References5
NVD
NVD
added 2017/09/06 9:29 p.m.13 views

CVE-2015-3162

Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...

5.4CVSS5.1AI score0.00929EPSS
Exploits0References5
NVD
NVD
added 2017/09/06 9:29 p.m.16 views

CVE-2015-3161

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON...

4.8CVSS5.3AI score0.00827EPSS
Exploits0References5
Prion
Prion
added 2017/09/06 9:29 p.m.12 views

Code injection

The search bar code in bkr/server/widgets.py in Beaker before 20.1 does not escape tags in string literals when producing JSON...

3.5CVSS7.3AI score0.00827EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2017/09/06 9:0 p.m.16 views

CVE-2015-3162

Cross-site scripting XSS vulnerability in the edit comment dialog in bkr/server/widgets.py in Beaker 20.1 allows remote authenticated users to inject arbitrary web script or HTML via writing a crafted comment on an acked or nacked canceled job...

5.1AI score0.00929EPSS
Exploits0References5
Cvelist
Cvelist
added 2017/09/06 9:0 p.m.19 views

CVE-2015-3163

The admin pages for power types and key types in Beaker before 20.1 do not have any access controls, which allows remote authenticated users to modify power types and key types via navigating to $BEAKER/powertypes and $BEAKER/keytypes respectively...

4.4AI score0.01095EPSS
Exploits1References4
CVE
CVE
added 2017/09/06 9:0 p.m.47 views

CVE-2015-3162

CVE-2015-3162 affects Beaker 20.1 in the Beaker project. Description: a Cross-site scripting (XSS) vulnerability in the edit comment dialog (bkr/server/widgets.py) enables remote authenticated users to inject arbitrary web script or HTML by writing a crafted comment on an acknowledged or nacked c...

5.4CVSS5AI score0.00929EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2017/09/06 9:0 p.m.44 views

CVE-2015-3161

The CVE affects Beaker prior to version 20.1. The search bar code in bkr/server/widgets.py fails to escape tags in string literals when producing JSON, enabling potential cross‑site/script injection via JSON output. The Beaker vulnerability is described consistently across sources (NVD/NVD-deriv...

4.8CVSS5.3AI score0.00827EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder